TITLE OF INVENTION: System and Method for Storage And Retrieval Of Information Subject to Authorization By A Data Controller

INVENTORS: Elliott D. Light, Ali Ersheid

RELATED APPLICATION DATA

The present disclosure is a continuation-in-part application related to the U.S. Patent Application entitled "A System And Method For Merchant Invoked Electronic Commerce", Serial No. 09/167,873, filed October 7, 1998, from which priority is claimed.

FIELD OF THE INVENTION

This invention relates generally to a method and system where certain information pertaining to a data subject is stored on a server and is provided to a third party at the request of the data subject. More particularly, the present invention relates to a method and system where certain data subject information is stored on a server and is associated with a third party controller. The information may be provided to the controller, or to a party authorized by the controller (an "authorized data recipient"), thereby allowing the data subject to deliver information related to the data subject over a network in an easy and safe manner.

BACKGROUND OF THE INVENTION

The essence of electronic commerce is the exchange of information. The most common form of electronic commerce entails the purchase of products over the Internet using a credit card. Information necessary to consummate a credit card transaction includes the data subject's name, address, credit card information, and the amount to be charged. While the term "electronic commerce" is generally associated with the purchase of goods and services over the Internet, the term encompasses other transactions as well. For example, applications for insurance, college admissions, and loans are transactions that are not purchase transactions. Hence the term "transaction" is generally used herein to describe all manner of interactions over a network of the type noted above. The common element to all transactions is the transfer of data from one party to another.

A person who wants to send personal data (the "data subject") can either type in the required information each time a transaction is consummated or store the data for retrieval. Typing in data is not only inefficient and prone to errors, but discourages Internet commerce. Using a local software solution is generally considered undesirable, as most such software programs are proprietary to a particular payment system, require the data subject to become skilled in the operation of the program, and are perceived as slow or unwieldy.

Repositories of data subject information exist in the "brick and mortar" world as well as the virtual world of the Internet. Associations like AARP and AAA have large membership databases. Some merchant sites on the web require data subjects to "register" with the merchant. These collections of data subject data have value outside their original purpose of facilitating purchasing. For example, a merchant may provide a registered data subject with certain member benefits. The holder of this data subject data may also exploit this information by selling it to third parties for marketing purposes.

While databases of data subject information are inherently valuable, it is not easy for a controller of one of these databases to provide a data subject access to his or her data in a way that facilitates Internet commerce. Even if a data controller could make data subject information available to a data subject, the data controller would have to deal with the costs associated with providing the means of capturing the data subject data needed for a particular transaction and associated with protecting the data. Finally, if a data controller managed to make its data usable for commerce, it might prove difficult to leverage that data by making it available to others authorized by the controller to receive it.

Therefore, a need exists for a system that allows a controller of data subject information (the "data controller") to collect and securely store information from data subjects and to make that information available to the data subject, so that the data subject can send selected information to the controller or to an authorized data recipient (which, for the purposes of the application, could be a merchant, a college in the case of application information, or a recipient in other situations where information must be repetitively provided to a plurality of recipients) over the Internet in a manner that offers security and allows access from any computer. A system to provide this for merchants is disclosed in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety. The present invention expands upon this system to data controllers and authorized data recipients.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to reduce the number of steps a data subject is required to perform in order to complete a transaction over any network.

A further object of the present invention is to reduce the number of steps a data subject is required to perform in order to complete a transaction over the Internet.

A further object of the present invention is to eliminate storage and retrieval software that is permanently stored on the data subject's computer, referred to generally herein as a "network communication device" or NCD.

A further object of the present invention is to create a data repository for storing data subject information that can be operated by a data controller and accessed easily and transparently by a data subject.

A further object of the present invention is to allow authorized data recipients to access purchasing information relating to data subjects who are registered with data controllers without requiring a new registration.

A further object of the present invention is to allow authorized data recipients to register new data subjects whose data will reside with data controllers in a data repository.

A further object of the present invention is to allow a data subject to conduct transactions using data stored in the data repository from any computer connected to the network on which the data repository resides.

A further object of the present invention is to use the data repository to aid the data subject in distributing all manner of information, not just purchase/money information, to a variety of recipients when those recipients are to receive essentially the same information from one recipient to the next.

A further object of the present invention is to provide a mechanism for direct marketing or distribution of relevant information to data subjects immediately before, during, or after completion of a transaction using the data repository.

The present invention is a system for presenting a data subject's information to an authorized data recipient's computer to allow transactions to be consummated. The transaction may be the simple transmission of selected data subject information or a purchase and sale of goods or services. The nature of the transaction will determine what data subject data is stored and presented. The system comprises a network communication device (NCD) associated with a data subject (the "data subject's NCD"), a computer associated with an authorized data recipient (the "authorized data recipient's computer"), and a server (the "data repository") on which the necessary and desirable information about the data subject is stored. The data subject's NCD, the authorized data recipient's computer, and the data repository are connected to a network, such as, but without limitation, the Internet, and communicate using communication protocols. The data subject's NCD can interpret and process files from the data recipient's computer and the data repository using software resident on the data subject's NCD (the "NCD software"). The authorized data recipient's computer operates a web server, provides transaction processing, and performs other functions. The authorized data recipient's computer may be a single device, or may, at the authorized data recipient's discretion, comprise a number of devices that may or may not be co-located. The authorized data recipient's computer also operates software ("client software") that communicates with the data repository. The data repository, which is controlled by a data controller, operates data repository software, which provides access to information stored in various databases, logs, and/or data structures of the data repository. Data controllers specify to the data repository a list of authorized data recipients with whom the data controllers' registered data subject information can be shared. Note that if the data controller is also a user of data subject information, the data controller will be acting as an authorized data recipient.

The present invention allows data subjects to send transaction information over a network and allows authorized data recipients to receive data subject information relating to that transaction. In the preferred embodiment, the transaction involves the purchase of goods and services. The network connecting the data subject's NCD, the authorized data recipient's computer, and the data repository is the Internet, and the transaction data is purchasing data. However, the invention is not limited to a purchase transaction. As noted earlier, other types of transactions where information is exchanged are within the scope of the present invention.

4/26/2000 Data Controller 042500 doc 4

During the web surfing process, a data subject browses an authorized data recipient's Web site via the data subject's NCD. The NCD may be any communications device connected to the network. In this example, it is assumed that the NCD is a computer. The authorized data recipient's Web site invites the data subject to send a set of data subject information to the authorized data recipient, thereby consummating a transaction (an "offer").

The authorized data recipient's Web site also operates client software. When the data subject accepts the authorized data recipient's offer to consummate a transaction, the client software sends both a file readable by the NCD software and the authorized data recipient's offer to the NCD software that is resident on the data subject's NCD. The NCD software readable file includes information to identify the authorized data recipient, an address for the authorized data recipient's Web page and instructions that instruct the NCD software to communicate with the data repository software. The authorized data recipient's offer passes through the data subject's NCD to the data repository software resident on the data repository.

The data repository software verifies that the authorized data recipient is known to the data repository and identifies the data controllers that have authorized the authorized data recipient to receive data subject information. The data repository then returns a message to the NCD software and instructs the NCD software to display a dialog box within an area reserved for the dialog box within the authorized data recipient's Web page. The content of this dialog box depends on whether or not the data subject is known to the data repository software.

If the data subject is known to the data repository software, because of prior registration of the data subject, the data repository software determines if the data subject was registered by or in association with a data controller and if that data controller has authorized the authorized data recipient that sent the offer to receive the data subject's information. If the authorized data recipient is so authorized, the data repository software takes information contained in the authorized data recipient's offer, formats the information to allow the NCD software to display the authorized data recipient's offer, and sends the authorized data recipient's offer to the data subject's NCD where the authorized data recipient's offer is displayed by the NCD software in a dialog box within the area reserved for the dialog box within the authorized data recipient's Web page. The data subject is prompted to decide whether or not to complete the transaction. Typically, this communication occurs by the data subject clicking on an object resulting in a message being communicated to the data repository.

If the data subject elects to complete the transaction, the data repository software forwards the data subject's information to the authorized data recipient's computer. The information includes information from the authorized data recipient's offer and the data subject's information (e.g., credit card number, address, shipping address, social security number, etc.) that is stored on the data repository. The authorized data recipient's computer then uses the information to complete the transaction.

If the data subject is unknown to the data repository software, or if the data subject is known to the data repository software but the authorized data recipient sending the offer is not authorized by the data controller associated with the data subject to receive such data subject information, the data repository software sends a form to the data subject's NCD which is displayed in a dialog box within the area reserved for the dialog box within the authorized data recipient's Web page. The form prompts the data subject to provide the information necessary to complete the transaction. Once the data subject provides sufficient information to complete the transaction, the data repository software prompts the data subject to complete the transaction.

If the data repository software does not know the data subject, the data subject may be asked to register with the data repository under several scenarios. For example, the data subject may have reached the authorized data recipient's page through a link associated with the data controller. If the authorized data recipient is authorized by the data controller to receive data subject information, at the completion of the transaction with the authorized data recipient the data subject may be prompted to elect to have the information retained on the data repository for future use (the process herein referred to as "registration"). If the data subject answers "no", then the information is stored in a temporary data structure. Information stored in the temporary data structure is retained for a set amount of time and is not available for reuse by the data subject. If the data subject answers "yes", then the information pertaining to the data subject is stored in a data structure intended for retention and future use by the data subject, and the data subject becomes a registered data subject of the data controller. The registration process is disclosed in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.

If the data subject elects to register with the data repository software, the NCD software is sent an NCD software identifier during the registration process. In the preferred embodiment, the NCD software is a browser and the browser identifier is a cookie. The NCD software identifier contains data that are cryptographically protected to enhance security. The NCD software identifier allows the data repository software to identify the NCD software and permits a data subject to authenticate himself or herself, thereby permitting the data repository software to use the data subject's stored information in future transactions.

The system also allows data subjects who are registered on a different NCD to authorize the data repository software to use the data subject's stored information. This situation occurs when the data repository software cannot identify the NCD software identifier because there is no NCD software identifier in the NCD software or the NCD software identifier cannot be used to identify the particular data subject using the NCD software.

Since the system of the present invention establishes communication links between the authorized data recipient's computer and the data repository, the system can be optimized in several respects. For example, the price of goods or services may be affected by the relationship between the data controller and authorized data recipients, the location to which the item is to be shipped, the method of shipping, and by tax obligations. The data repository software communicates information pertaining to the data subject to the authorized data recipient's computer, permitting the authorized data recipient's computer to determine a "final" price based on the data subject's information, i.e., shipping address and/or preferences.
Another example of optimization is the ability of the data repository software to present a data controller or authorized data recipient's brand, both brands, or other "brand" to the NCD software. If the data subject is making a purchase (first or repeat) at an authorized data recipient Web site, a top graphic and colors used by the data repository prompt can be specified by the authorized data recipient offer and a bottom graphic used by the data repository prompt can be specified in accordance with the data controller involved. The data repository software can also associate a data subject with an identification code that can be presented to the authorized data recipient's computer, thus allowing the authorized data recipient to "recognize" a data subject and provide customer-specific messages, displays, and offers. The data repository software can tailor its communication with the data subject's NCD in accordance with a profile created by the data repository software. The profile is based upon preferences chosen by the data subject or created by the data repository software based on the data subject's behavior, from preferences chosen by the data controller or authorized data recipient, by a branding party, or the like.

With respect to data subjects, the system is optimized to provide all of the transaction information to the data subject, thereby allowing the data subject to verify the information and make a decision to complete a transaction without further information input from the data subject. The system can also establish a dialogue between the data subject's NCD and the data repository to permit the data subject to select from options such as which credit card to use, the shipping address, and the shipping means.

The relationship between the data controller and authorized data recipient further allows the customer to shop at a wider variety of authorized data recipients without having to repeatedly register with each one.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates the overall architecture of the present invention.

Figure 2A illustrates the process of consummating a transaction over a network.

Figure 2B illustrates the process of consummating a transaction over a network (continued).

Figure 2C illustrates the process of consummating a transaction over a network (continued).

Figure 2D illustrates the process of consummating a transaction over a network (continued).

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

For the purpose of this application, the term software is deemed to include instructions.

Referring to Figure 1, the overall architecture of the present invention is illustrated. The present invention allows data subject 100 to conduct a transaction over network 160 and allows authorized data recipient 120 of a data controller (not shown) to receive information relating to the transaction.

To complete a transaction, data subject 100 uses data subject network communication device ("consumer's NCD") 102. Data subject's NCD 102 can be a computer or a wireless device and operates software that is either a Web browser or emulates a Web browser (the "NCD software") 104. In either case, the NCD software has the requisite capability of displaying the information supplied by data recipient computer 122. The NCD software 104 allows data subject 100 to download and display Web pages or other information from the authorized data recipient's computer 122.

To receive information relating to the transaction, authorized data recipient 120 uses authorized data recipient's computer 122. Data recipient's computer 122 operates Web server software 124 and client software 126. Web server software 124 displays an authorized data recipient's Web pages. Client software 126 allows authorized data recipient 120 to communicate with the data repository (the "data repository") 140. An authorized data recipient may be an authorized data recipient for multiple data controllers, but only needs to load a single copy of the client software 126.

In the preferred embodiment, data repository 140 is under the control of a data controller, although this is not meant as a limitation, since the data repository need not be under the control of a data controller but can operate independently. However, for this embodiment the data repository is under the control of a data controller and comprises: data repository software 142, which gathers and stores the transaction information of data subjects registered with a data controller (or on behalf of a data controller through an authorized data recipient) to complete a transaction over common network 160; temporary data structure 144, which stores data subject information for a limited amount of time and cannot be used in future transactions; data subject data structure 146, which stores data subject information associated with a data controller that can be used in future transactions; authorized data recipient data structure 148, which stores information pertaining to the data controller or authorized data recipient; data subject transaction log 150, which stores information pertaining to the transactions for registered data subjects; and authorized data recipient transaction log 152, which stores information pertaining to transactions for registered and non-registered data subjects.

Consumer NCD 102, data recipient's computer 122, and data repository 140 are connected to common network 160. The present invention can operate over various types of common networks, both wired and wireless. The present invention can operate over the Internet, cable systems, satellite systems, wireless networks, intranets, LANs, and WANs; however, this list should not be construed as a limitation. In the preferred embodiment, the common network is the Internet.

It should also be noted that a network 160 may actually comprise more than one network. This would be the case where the data subject's NCD is a wireless device which must first communicate over a wireless network and then over the Internet.

Data repository software 142 gathers and stores the information needed to complete a transaction over common network 160. Data repository software 142 gathers the information directly from data subject 100, from data subject data structure 146 or from both.

Temporary data structure 144 stores information relating to a particular interaction between data subject 100 and authorized data recipient 120.

Authorized data recipient data structure 148 stores information relating to authorized data recipients associated with the data controller, including authorized data recipient 120, that have completed the registration process with the operator of data repository 140 (either directly or through the authorized data recipient on behalf of a data controller). The information in authorized data recipient data structure 148 represents information that is necessary to identify authorized data recipient 120 and authorized data recipient computer 122. This information also includes contact information, authorized data recipient identification number, data controller information, network location(s) for the authorized data recipient computer 122, the type of transaction accepted, accepted payment card types, accepted currencies, and payment methods (e.g., electronic check, micropayments). This list of information should not be construed as a limitation and is illustrative only.

Consumer transaction log 150 stores information relating to transactions performed by registered data subjects. Authorized data recipient transaction log 152 stores information relating to transactions performed by registered and non-registered data subjects, including data subject 100. The operator of data repository software 142 can allow data subjects and authorized data recipients access to the information contained in their respective data structures as deemed necessary. For instance, data subject 100 can be given a summary of the data subject's transactions over a period of time. Authorized data recipient 120 can be given a summary of the authorized data recipient's transactions over a period of time.

Referring to Figure 2A, the process of purchasing an item over a network is illustrated. The following process is the preferred embodiment of the present invention. In alternate embodiments, similar processes can occur in different orders. Additionally, a transaction involving the exchange of information may involve the storage and retrieval of data different from that described in the following example.

In the preferred embodiment, data subject 100 and authorized data recipient 120 are registered with and known to data repository 140. The process by which data subject 100 becomes registered and the handling procedures in the event one or both are not registered are described in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.

The purchasing process starts with a data subject requesting an authorized data recipient's offer 200 from an authorized data recipient. In response to the data subject's request, the authorized data recipient's computer responds by sending both a file that is readable by the NCD software and the authorized data recipient's offer to the data subject's NCD 202. The NCD software processes the browser readable file and sends the authorized data recipient's offer and a message which is received by data repository 204. The authorized data recipient's offer includes the following information; however, this information is not meant as a limitation since other data types may also be useful: authorized data recipient identifier, price of the item, a form of digital signature of the authorized data recipient, a final price indicator, and a transaction number. The authorized data recipient identifier identifies the authorized data recipient who is offering the item for sale. The identifier is used to confirm that the authorized data recipient is known to the data repository and to associate the authorized data recipient with one or more data controllers 205. The price of the item is the cost to purchase the item. A digital signature of the authorized data recipient is used to ensure the validity of the offer. The final price indicator is used to indicate whether the final cost for the item is affected by the data subject's shipping address and/or shipping preference. The transaction number is used for tracking purposes. The transaction number does not contain any product identifying information. The transaction number acts as an identifier for identifying a transaction.

The message sent from the NCD software to the data repository indicates whether the browser contains a browser identifier (an NCD software identifier). In the preferred embodiment, the browser identifier is a cookie and comprises a unique identifier that differentiates it from all other identifiers. A browser identifier identifies the data subject browser on a specific data subject computer. The data repository software receives and processes the message to determine if the NCD software contains an identifier that identifies a data subject that matches a data entry in a file in the data subject data structure of the data repository 206.

The data repository software also determines whether a single user or multiple users have used the NCD software by checking the data subject data structure and by permitting data subjects to access their data from remote computers. The processes by which these features are implemented are described in detail in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.

If the data repository software determines that the information provided by the data subject matches the information the data subject supplied during registration, then using the authorized data recipient identifier included in the offer sent to data subject computer (Figure 1, 102) by authorized data recipient computer (Figure 1, 122), the data repository software will determine if the authorized data recipient that delivered the offer to the data subject has been authorized by the data controller to receive data subject information stored on the data repository 207.

If the data repository software determines that the information provided by the data subject matches the information the data subject supplied during registration and the authorized data recipient is authorized by the data controller, then the data repository software accesses and gathers the data subject's information which is stored in the data subject data structure 214.

If the data repository software determines that more than one user is using the data subject's NCD 208, the data repository software asks for user identification 210. Based on the user information, the data repository determines if the user is known 212. If so, user data is retrieved from the data repository. If the user is not known, the data repository prompts the user to enter further information to become registered or to provide information to complete the transaction.

Referring to Figure 2B, the process flow continues. If the data repository software determines that the information provided by the data subject is insufficient to identify the data subject or that the data subject and data recipient are not associated with a common data controller, then the data repository software prompts the data subject for the purchasing information to complete the transaction by displaying forms to be completed 216. The response from the NCD software is received by the data repository 218.

17 The data repository software extracts the data from the completed forms 220 and stores the data 

18 in a temporary data structure 222. The information acquired from the forms is evaluated to determine if 

19 the information from the data subject is sufficient to complete the purchase transaction 224. This step 

20 includes the data repository software accessing the authorized data recipient data structure using the 

21 authorized data recipient identifier to ensure that the data subject's purchasing information is in proper 

22 order, i.e., to check that the data subject's credit card is accepted by the authorized data recipient. If the 

23 information is not sufficient, the data subject is prompted for the information again 216. The operator of 

24 the data repository can set the number of iterations that the data subject is prompted for the information. 

25 If the data is sufficient, the data subject is asked to purchase the item 226. If the data subject declines 

26 the transaction, the dialog ends 228. If the data subject decides to buy the item, the data collected in the 

1 form is sent to the data recipient 230. However, the transaction data is not permanently stored at the 

2 data repository. 

3 Referring to Figure 2C, the process flow continues. Once the data repository software 

4 determines that the data subject's information is sufficient to complete the purchase transaction, the data 

5 repository software then determines if the price of the item needs to be adjusted for shipping costs 236. If 

6 price adjustment is required, new price information is obtained from the authorized data recipient 230. 

7 The revised offer is then presented to the data subject 240. If no price adjustment is required 236, the 

8 final offer is presented to the data subject 240. The system next displays the offer and determines if the 

9 data subject needs to enter a passphrase. If the data subject is a registered data subject of the data 

10 controller who has not gone through the authentication process yet, then the offer is augmented with a 

11 prompt for the user to enter the data subject's passphrase 244. The data repository software evaluates 

12 the entered passphrase against data held in the data subject data structure 246 to determine if the data 

13 subject is known (registered) by the data repository software. If the passphrase does not match, then the 

14 data subject is prompted for the correct passphrase 244. The operator of the data repository can set the 

15 number of iterations that the data subject is prompted for a correct passphrase to avoid multiple 

16 fraudulent attempts to access information. 
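
The checks described above (the data subject must match a registration, the data recipient must be authorized by the same data controller, and passphrase prompts are capped by the repository operator) can be sketched as follows. This is an added example, not code from the application; the class and function names, the limit of three attempts, the LOCKED outcome once the limit is reached, and the PBKDF2 storage of the passphrase are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class SubjectRecord:
    """One entry of the data subject data structure (field names are assumed)."""
    controller_id: str
    salt: bytes
    passphrase_hash: bytes
    info: dict
    failed_attempts: int = 0


def derive(passphrase: str, salt: bytes) -> bytes:
    # Assumption: the repository stores a salted, slow hash, never the passphrase.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 50_000)


class DataRepository:
    def __init__(self, max_attempts: int = 3):
        # Operator-set number of passphrase prompts (3 is an assumed value).
        self.max_attempts = max_attempts
        self.subjects = {}    # subject_id -> SubjectRecord
        self.recipients = {}  # recipient_id -> set of authorizing controller ids

    def register_subject(self, subject_id, controller_id, passphrase, info):
        salt = os.urandom(16)
        self.subjects[subject_id] = SubjectRecord(
            controller_id, salt, derive(passphrase, salt), dict(info))

    def authorize_recipient(self, controller_id, recipient_id):
        self.recipients.setdefault(recipient_id, set()).add(controller_id)

    def release(self, subject_id, passphrase, recipient_id):
        """Return (outcome, info); info is set only when outcome is RELEASED."""
        record = self.subjects.get(subject_id)
        if record is None:
            # Unknown data subject: fall back to forms, release nothing stored.
            return ("PROMPT_FORMS", None)
        authorizers = self.recipients.get(recipient_id, set())
        if record.controller_id not in authorizers:
            # Subject and recipient share no data controller: same fallback.
            return ("PROMPT_FORMS", None)
        if record.failed_attempts >= self.max_attempts:
            return ("LOCKED", None)
        candidate = derive(passphrase, record.salt)
        if not hmac.compare_digest(candidate, record.passphrase_hash):
            record.failed_attempts += 1
            if record.failed_attempts >= self.max_attempts:
                return ("LOCKED", None)
            return ("RETRY_PASSPHRASE", None)
        record.failed_attempts = 0
        return ("RELEASED", dict(record.info))


def build_demo_repository():
    # Constructed sample data for the example.
    repo = DataRepository(max_attempts=3)
    repo.register_subject("subject-1", "controller-A", "correct horse",
                          {"ship_to": "1 Example St"})
    repo.authorize_recipient("controller-A", "recipient-1")
    repo.authorize_recipient("controller-B", "recipient-2")
    return repo


if __name__ == "__main__":
    repo = build_demo_repository()
    print(repo.release("subject-1", "correct horse", "recipient-1"))
    print(repo.release("subject-1", "correct horse", "recipient-2"))
    for guess in ("a", "b", "c", "correct horse"):
        print(repo.release("subject-1", guess, "recipient-1"))
```

The counter is checked before the passphrase is compared, so a correct passphrase supplied after the limit is reached is still refused until the operator resets the record.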

17 Once the data subject enters a correct passphrase or if there was no browser identifier for the 

18 data subject, the data subject is presented with a buy decision 248. The data subject has several options 

19 available at this step: the data subject can elect to buy the item, change the data subject's information 

20 and buy the item, or cancel the transaction. If the data subject elects to change the data subject's 

21 information, the data subject must still decide to either buy the item or cancel the transaction after 

22 changing the information. If the data subject declines to purchase the item, then the transaction is 

23 canceled 250, and the information held in the temporary data structure is deleted, the dialogue ends and 

24 the transaction is terminated 250. 

25 The data subject also has the option of changing the data subject's information. The data 

26 subject may wish to change such information for such reasons as the data subject does not agree with 

27 the selection by the data repository software or the information contains an error. For instance, if the data 

4/26/2000 Data Controller 042500.doc 14 



1 subject wishes to change the shipping address, the data subject can enter a new shipping address. In 

2 some instances, the data subject can have a plurality of possible entries into the same information block 

3 with a preferred entry. In such a situation, the data repository software chooses the preferred information 

4 to enter into the information block. The data repository software chooses the information via any 

5 selection process known in the art, such as most popular, last used, first used, etc. However, the data 

6 repository software cannot enter information into an information block if the authorized data recipient will 

7 not allow such an entry. For instance, an authorized data recipient may only accept the ACME credit card 

8 and the data subject has not previously used an ACME credit card to purchase an item using the present 

9 invention. In such a situation the data repository software prompts the data subject to provide an 

10 acceptable form of payment. Information options are available to the data subject in the form of a directory 

11 of addresses, shippers, shipping methods, credit cards, and other information options. 

12 Referring to Figure 2D, if the data subject elects to purchase the item, then the information 

13 regarding the transaction is delivered to the authorized data recipient's computer, information is written to 

14 the authorized data recipient transaction log, and a message confirming the transaction is sent to the data 

15 subject's NCD 252. The information regarding the transaction is written to the data subject transaction 

16 log 256. 

17 The transaction process ends 264. 

18 If a data subject is registered with more than one data controller and attempts to make a 

19 purchase with an authorized data recipient common to both data controllers, the data subject registration 

20 used to make the purchase is determined by the authorized data recipient and can be determined, for 

21 example, according to the particular area of the authorized data recipient Web site accessed by the data 

22 subject or according to the previous or linking site used by the data subject. 

23 Although the above description is directed at purchasing an item over the Internet, the same 

24 concept of distribution of information can be applied to other areas. 

25 In all of these different types of embodiments, the communications between the different parties 

26 can be encrypted in any manner known in the art. In addition, some of the communications can be 

1 accomplished in different manners. For example, in an alternate embodiment of the preferred 

2 embodiment, communications between the data repository and the authorized data recipient computer 

3 can occur using a separate communication link. The communication link can be a direct link between the 

4 authorized data recipient and the data repository. Using this separate link can ensure against 

5 unauthorized transactions. 

6 Although the present invention has been described in detail for purpose of illustration, it is 

7 understood that such detail is solely for that purpose, and variations can be made therein by those skilled 

8 in the art without departing from the scope of the invention. The preceding descriptions of the operations 

9 of the present invention are merely illustrative. In various embodiments of the disclosed inventions 

10 operational steps may be added, eliminated, performed in parallel or performed in a differing order. The 

11 apparatus and process of the present invention are defined by the following claims. 

12 

1 We claim: 

2 1. A system for data recipient invoked electronic transactions comprising: 

3 a network; and 

4 
5 
6 

7 
8 



9 at least one data subject network communication device (NCD) associated with at least one data 

10 subject and associated with the at least one data controller, connected to the network, 

11 and wherein the at least one data subject NCD further comprises NCD software for 

12 sending and receiving information over the network; 

13 the at least one data repository connected to the at least one data recipient computer via the 

14 network, wherein the at least one data repository further comprises data repository 

15 software, and wherein the data repository client software further comprises instructions 

16 for forwarding the authorized data recipient's offer to the at least one data repository via 

17 the NCD software, and wherein the data repository software further comprises 

18 instructions for gathering information to complete a transaction and for determining that 

19 the at least one authorized data recipient is authorized by the at least one data controller 

20 to receive information about the at least one data subject. 

21 2. The system in accordance with claim 1, wherein the transaction is a transaction to purchase an 

22 item. 

23 3. The system in accordance with claim 2, wherein the item purchased is goods or services. 

24 4. The system in accordance with claim 1, wherein the data repository further comprises instructions 

25 to send the purchasing information to the at least one authorized data recipient computer. 

26 5. The system in accordance with claim 1, wherein the network is selected from group consisting of 

27 the Internet, intranet, local area networks (LANS), and wide area networks (WANS), wireless, 

1 wireless local loops and cable networks. 

2 6. The system in accordance with claim 1, wherein the network comprises at least two networks 

3 selected from group consisting of the Internet, intranet, local area networks (LANS), wide area 

4 networks (WANS), wireless, wireless local loops, and cable networks. 

5 
6 

7 7. The system in accordance with claim 1, wherein the at least one authorized data recipient is the 

8 data controller. 

9 8. The system according to claim 1 wherein the transaction is a transaction to convey information. 

10 9. The system according to claim 8 wherein the information conveyed is information for college 

11 admission. 

12 10. The system according to claim 8 wherein the information is information for an application for 

13 credit. 

14 11. The system in accordance with claim 1, wherein the client software and the NCD software send 

15 and receive files in a common computer language. 

16 12. The system in accordance with claim 11, wherein the common computer language is selected 

17 from a group consisting of HTML, XML, and WML. 

18 13. The system in accordance with claim 1, wherein the NCD software further comprises a translator 

19 for reading and writing files in the native language of the NCD software, and for reading and 

20 writing files in the native language of the client software. 
21 

22 14. The system in accordance with claim 1, wherein the repository client software further comprises a 

23 translator for reading and writing files in the native language of the repository client software, and 

24 for reading and writing files in the native language of the NCD software. 

25 15. The system in accordance with claim 1, wherein the data repository software further comprises 

26 instructions for assigning a unique identifier to the at least one data subject and providing the 

27 unique identifier to the at least one authorized data recipient. 

28 
1 

2 16. The system according to claim 1 wherein the data repository is controlled by the data controller. 

3 17. The system according to claim 1 wherein the NCD is a personal computer. 

4 18. The system according to claim 6 wherein the NCD is a wireless device connected to the wireless 

5 network. 

6 19. The system in accordance with claim 1, wherein the repository client software further comprises 

7 instructions to the NCD software for forwarding the authorized data recipient's offer to the data 

8 repository and for sending a message to the data repository indicating whether an NCD software 

9 identifier is present in the NCD software, and wherein the presence of an NCD software identifier 

10 indicates whether the NCD software was previously used in conjunction with the system. 

11 20. The system in accordance with claim 19 wherein the NCD software identifier is a cookie. 

12 21. The system in accordance with claim 19, wherein the data repository further comprises a data 

13 subject data structure which further comprises information pertaining to previous transactions by 

14 at least one registered data subject, and wherein the at least one registered data subject is a data 

15 subject who has previously registered with the system. 

16 22. The system in accordance with claim 21, wherein the data repository further comprises storage 

17 for storing the data subject data structure. 

18 23. The system in accordance with claim 21, wherein the data repository further comprises at least 

19 one server for storing the data subject data structure. 

20 24. The system in accordance with claim 19, further comprising an authorized data recipient data 

21 structure comprising information which represents authorized data recipient information that is 

22 necessary for identifying the authorized data recipient and the authorized data recipient 

23 computer. 

24 25. The system in accordance with claim 24, wherein the authorized data recipient information further 

25 comprises contact information, an authorized data recipient identification number, at least one 

26 network location for the authorized data recipient computer, accepted payment card types, 

27 accepted currencies, and accepted payment methods. 
1 26. The system in accordance with claim 24, wherein the data repository further comprises storage 

2 for storing the authorized data recipient data structure. 

3 27. The system in accordance with claim 1, wherein the data repository further comprises: 

4 a data subject data structure which further comprises information pertaining to previous 

5 transactions by at least one registered data subject, and wherein a registered data 

6 subject is a data subject who has previously registered with the system; and 

7 an authorized data recipient data structure which further comprises information which represents 

8 authorized data recipient information and which identifies the authorized data recipient 

9 and the authorized data recipient computer. 

10 28. The system in accordance with claim 27, wherein the data repository software further comprises 

11 instructions for selecting a data subject if the NCD software identifier identifies one or more 

12 registered data subjects who have used the data subject's NCD software in conjunction with the 

13 system. 

14 29. The system in accordance with claim 27, wherein the data repository software further comprises 

15 instructions for gathering the transaction information pertaining to the selected registered data 

16 subject from the data subject data structure to complete a transaction. 

17 30. The system in accordance with claim 27, wherein the data repository software further comprises 

18 instructions for selecting the transaction information for a selected registered data subject that is 

19 acceptable to the authorized data recipient based on the authorized data recipient information in 

20 the authorized data recipient data structure. 

21 31. The system in accordance with claim 27, wherein the data repository software further comprises 

22 instructions for gathering the transaction information to complete the transaction by prompting the 

23 registered data subject for additional information to complete the transaction if the data subject 

24 data structure is missing information to complete the transaction. 

25 32. The system in accordance with claim 27, wherein the data repository software further comprises 

26 instructions for gathering the information to complete the transaction by prompting the data 

27 subject for the information when the data subject is a non-registered data subject. 
1 33. The system in accordance with claim 27, wherein the data repository software further comprises 

2 instructions for gathering information to complete the transaction by prompting the data subject 

3 for the information when the data recipient is not an authorized data recipient of the data 

4 controller that is associated with the data subject. 

5 34. The system in accordance with claim 27, wherein the data repository software further comprises 

6 instructions for allowing a registered data subject to enter information to identify the registered 

7 data subject thereby allowing the data repository software to access the registered data subject's 

8 information stored in the data subject data structure if the data repository software did not select 

9 the correct registered data subject. 

10 35. The system in accordance with claim 34, wherein the information which can be entered to identify 

11 the registered data subject comprises a data subject identification number, email address, and a 

12 passphrase. 

13 36. The system in accordance with claim 27, wherein the data repository software further comprises 

14 instructions for allowing a registered data subject to enter information to identify the registered 

15 data subject thereby allowing the data repository software to access the registered data subject's 

16 information stored in the data subject data structure if the registered data subject was not 

17 associated with the data subject's NCD software. 

18 37. The system in accordance with claim 34, wherein the information which can be entered to identify 

19 registered data subject further comprises a data subject identification number, email address, 

20 and a passphrase. 

21 38. The system in accordance with claim 27, wherein the data repository software further comprises 

22 instructions for prompting the selected data subject for the data subject's identification number 

23 and passphrase if the registered data subject was selected by the data repository software. 

24 39. The system in accordance with claim 27, further comprising a temporary data structure for storing 

25 for a limited amount of time information pertaining to a transaction. 

26 40. The system in accordance with claim 1, wherein the authorized data recipient's offer comprises at 

27 least an authorized data recipient identifier, a price for the item, a digital signature of the authorized 

1 data recipient, and a transaction number. 

2 41. The system in accordance with claim 40, wherein the authorized data recipient's offer further 

3 comprises a final price indicator that indicates that the price for an item is not final. 

4 42. The system in accordance with claim 27, wherein the data repository software further comprises 

5 instructions for communicating the data subject's shipping address information to the authorized 

6 data recipient computer and for calculating the final price for the item if the final price indicator 

7 indicates that the price for an item is not final. 

8 43. The system in accordance with claim 42, wherein the data subject's shipping address information 

9 communicated to the authorized data recipient further comprises the city, state, country and mail 

10 code of the data subject's shipping address. 

11 44. The system in accordance with claim 43, wherein the authorized data recipient computer further 

12 comprises instructions for calculating the final price for the item being purchased based on the 

13 data subject's shipping address information. 

14 45. The system in accordance with claim 43, wherein the data subject's shipping address information 

15 communicated to the authorized data recipient further comprises the shipping means. 

16 46. The system in accordance with claim 4539, wherein the authorized data recipient computer 

17 further comprises instructions for calculating the final price for the item being purchased based on 

18 the data subject's shipping address information. 

19 47. The system in accordance with claim 35, wherein the data subject's shipping address is the email 

20 address where the item is being sent for items which can be delivered over the network. 

21 
22 
23 

24 48. The system in accordance with claim 1, wherein the data repository further comprises a data 

25 subject transaction log for recording information relating to a registered data subject's purchasing 

26 transactions, and wherein a registered data subject is a data subject who has previously 

27 registered with the system. 
1 49. The system in accordance with claim 48, wherein the data repository further comprises storage 

2 for storing the data subject transaction log. 

3 50. The system in accordance with claim 49, further comprising at least one server to store the data 

4 subject transaction log. 

5 51. The system in accordance with claim 1, wherein the data repository further comprises an 

6 authorized data recipient transaction log for storing information relating to transactions performed 

7 by the at least one authorized data recipient. 

8 52. The system in accordance with claim 51, wherein the data repository further comprises storage 

9 for storing the authorized data recipient transaction log. 

10 53. The system in accordance with claim 51, further comprising at least one server for storing the 

11 authorized data recipient transaction log. 

12 54. The system according to claim 1 wherein the data repository further comprises instructions for 

13 determining that the data recipient is authorized by the data controller associated with the data 

14 subject. 

15 55. A method for authorized data recipient invoked electronic transactions over a network between at 

16 least one data subject, associated with at least one data controller, having at least one data 

17 subject's NCD connected to the network, at least one authorized data recipient, associated with 

18 the at least one data controller, having at least one authorized data recipient computer connected 

19 to the network, and at least one data repository connected to the network, comprising: 

20 requesting an authorized data recipient's offer from at least one authorized data recipient 

21 over a network by at least one data subject using NCD software on the at least one data 

22 subject's NCD; 

23 invoking data repository client software on the at least one authorized data recipient 

24 computer in response to the data subject's request for an authorized data recipient's offer, 

25 and wherein invoking the data repository client software further comprises: 

26 connecting the at least one data subject's NCD to the at least one data 

27 repository; 
1 invoking the data repository client software; 

2 forwarding the authorized data recipient's offer to the at least one data repository; 

3 determining that both the at least one data subject and the at least one 

4 authorized data recipient are associated with the at least one data 

5 controller; and 

6 gathering the information by the data repository to complete a transaction. 

7 56. The method in accordance with claim 55 further comprising gathering information relating to the 

8 purchase of an item. 

9 57. The method in accordance with claim 56 further comprising sending the purchasing information to 

10 the at least one authorized data recipient computer. 

11 58. The method in accordance with claim 56, further comprising sending the purchasing information 

12 to the at least one authorized data recipient computer. 

13 59. The method in accordance with claim 55, further comprising the client software instructing the 

14 data subject NCD software to forward the authorized data recipient's offer to the data repository 

15 and sending a message indicating whether a NCD software identifier is present in the data 

16 subject's NCD software. 

17 60. The method in accordance with claim 59, wherein the sending of a message indicating whether a 

18 NCD software identifier is present in the data subject's NCD software further comprises the client 

19 software instructing the NCD software to forward a message and wherein the NCD software 

20 identifier is a cookie. 

21 61. The method in accordance with claim 55, further comprising accessing an authorized data 

22 recipient data structure in the data repository to determine the transaction information the at least 

23 one authorized data recipient requires to complete a transaction. 

24 62. The method in accordance with claim 56, further comprising accessing a data subject data 

25 structure in the data repository to gather the transaction information the at least one authorized 

26 data recipient requires to complete a purchasing transaction. 

27 63. The method in accordance with claim 62, further comprising prompting the registered data 
1 subject for additional transaction information to complete a purchasing transaction if the data 

2 subject data structure is missing transaction information which is necessary for the at least one 

3 authorized data recipient to complete a purchasing transaction. 

4 64. The method in accordance with claim 55, further comprising prompting the data subject for the 

5 transaction information when the data subject is a non-registered data subject. 

6 65. The method in accordance with claim 55, further comprising gathering the information to 

7 complete the transaction by prompting the data subject for the information when the data 

8 recipient is not an authorized data recipient of the data controller that is associated with the data 

9 subject. 

10 66. The method in accordance with claim 55, further comprising the data repository software 

11 assigning a unique identifier to the at least one data subject and providing the unique identifier to 

12 the at least one authorized data recipient. 

13 67. The method in accordance with claim 66, further comprising a registered data subject entering 

14 identifying information to allow a registered data subject to identify the registered data subject 

15 thereby allowing the data repository software to access the registered data subject's information 

16 from the data subject data structure if the data repository software did not select the registered 

17 data subject. 

18 68. The method in accordance with claim 67, wherein entering the identifying information further 

19 comprises a data subject entering the data subject's identification number, email address, and a 

20 passphrase. 

21 69. The method in accordance with claim 66, further comprising a registered data subject entering 

22 identifying information to allow a registered data subject to identify the registered data subject 

23 thereby allowing the data repository software to access the registered data subject's information 

24 from the data subject data structure if the registered data subject is not associated with the data 

25 subject's NCD software. 

26 70. The method in accordance with claim 69, wherein entering the identifying information further 

27 comprises a data subject entering the data subject's identification number, email address, and a 
1 passphrase. 

2 71. The method in accordance with claim 66, further comprising prompting the selected registered 

3 data subject to enter the data subject's identification number and passphrase when the registered 

4 data subject was selected by the data repository software. 

5 72. The method in accordance with claim 64, further comprising storing the data subject's transaction 

6 information in a temporary data structure when the data subject is a non registered data subject. 

7 73. The method in accordance with claim 72, further comprising transferring the data subject's 

8 transaction information from the temporary data structure when a non-registered data subject 

9 elects to become a registered data subject. 

10 74. The method in accordance with claim 63, further comprising sending the data subject's shipping 

11 address information to the authorized data recipient computer when a final price indicator in the 

12 authorized data recipient's offer indicates that the price for an item is not final. 

13 75. The method in accordance with claim 74, wherein sending the data subject's shipping address 

14 further comprises sending the data subject's city, state, country and mail code. 

15 76. The method in accordance with claim 75, further comprising the authorized data recipient 

16 computer calculating a final price based on the data subject's shipping address. 

17 77. The method in accordance with claim 55, further comprising recording information relating to a 

18 registered data subject's purchasing transactions, wherein a registered data subject is a data 

19 subject who has previously registered with the system. 

20 78. The method in accordance with claim 55, further comprising recording information relating to 

21 transactions performed by the at least one authorized data recipient. 

22 79. The method in accordance with claim 66, wherein the assigning a unique identifier indicating 

23 

24 the client software instructing the NCD software to forward a message and wherein the NCD 

25 software identifier is a cookie. 
1 Abstract of the Disclosure 

2 A system and method for storage and retrieval of information subject to authorization by a data 

3 controller that allows information for purchasing and other information exchange to occur only for 

4 authorized parties. A data subject places information about the data subject into a data repository 

5 controlled by a data controller. The data controller authorizes a data recipient to obtain that data subject 

6 data when authorized by a data subject. Such transactions as purchases of goods and services and 

7 applying for college admission are the types of transactions contemplated. The data repository places 

8 client software on the computer of the data recipient thereby signifying that the data recipient is 

9 authorized. Thereafter, the data recipient can receive information about the data subject when the data 

10 subject accepts an offer from the data recipient. 